chromatic.com
HTTP check results
HTTP Response Headers
date
Mon, 06 Apr 2026 03:07:28 GMT
content-type
text/plain; charset=utf-8
content-length
48
location
https://www.chromatic.com/
content-security-policy-report-only
default-src 'self' https://d1g5x7b3jtu99v.cloudfront.net;script-src 'self' 'unsafe-inline' https://www2.chromatic.com js.stripe.com widget.intercom.io js.intercomcdn.com cdn.segment.com cdn.lr-in-prod.com https://*.google-analytics.com api.figma.com https://d1g5x7b3jtu99v.cloudfront.net data: connect.facebook.net https://googleads.g.doubleclick.net https://*.googletagmanager.com cdn.jsdelivr.net js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hsappstatic.net us-assets.i.posthog.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://cdn.vector.co/pixel.js https://*.clarity.ms https://api.app.bullseye.so cdn.getkoala.com js.hsadspixel.net cdn.cr-relay.com a.usbrowserspeed.com d-code.liadm.com https://web.cmp.usercentrics.eu https://assets.revenuehero.io snap.licdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d1g5x7b3jtu99v.cloudfront.net https://www2.chromatic.com;img-src * data:;font-src 'self' fonts.gstatic.com https://fonts.intercomcdn.com https://d1g5x7b3jtu99v.cloudfront.net;media-src 'self' https://js.intercomcdn.com https://d1g5x7b3jtu99v.cloudfront.net;connect-src 'self' https://*.chromatic.com https://index.chromatic.com snapshots.chromatic.com api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://cdn.segment.com https://*.google-analytics.com https://analytics.google.com https://api.segment.io https://stats.g.doubleclick.net https://api-us-east-1.graphcms.com https://r.lr-in-prod.com webmention.io hichroma.us15.list-manage.com https://*.ingest.sentry.io api.figma.com us.i.posthog.com https://pagead2.googlesyndication.com https://forms.hscollectedforms.net https://api.hsforms.com forms.hsforms.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://google.com api.vector.co https://*.clarity.ms https://api.app.bullseye.so https://pro.ip-api.com api.cr-relay.com https://www.facebook.com api.getkoala.com https://api.hubapi.com https://*.usercentrics.eu https://app.revenuehero.io px.ads.linkedin.com;child-src 'self' blob:;frame-src 'self' https://www.chromatic.com https://index.chromatic.com snapshots.chromatic.com js.stripe.com https://www.youtube.com https://chromatic-interactive-demo.netlify.app https://*.chromatic.com https://td.doubleclick.net https://*.googletagmanager.com https://meetings.hubspot.com https://forms.hsforms.com https://popup.schedulehero.io;frame-ancestors 'self' https://*.chromatic.com
x-dns-prefetch-control
off
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
x-download-options
noopen
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
referrer-policy
no-referrer,strict-origin-when-cross-origin
x-xss-protection
0
x-request-id
Root=1-69d32370-07f0ff975f99693e4d7f8796
vary
Accept, Accept-Encoding
Security Headers
strict-transport-security
x-content-type-options
x-frame-options
x-xss-protection
referrer-policy
content-security-policy
permissions-policy